  1. Project Quay
  2. PROJQUAY-8185

Quay operator 3.13 failed to upgrade managed clair postgres on openshift with FIPS enabled


    • False
    • None
    • False
    • Critical

      Description

      When the Quay operator is installed on OpenShift with FIPS enabled, the operator upgrade fails at the managed Clair Postgres migration.

      Steps to Reproduce
      1. Install quay operator 3.12 on an openshift cluster with FIPS enabled
      2. Create quayregistry with managed component clair and clair postgres
      3. Upgrade to quay operator 3.13
      Actual Results

      The upgrade cannot complete and the Clair Postgres upgrade pod keeps crashing.

      $ oc get po -w
      NAME                                           READY   STATUS                  RESTARTS      AGE
      registry-clair-postgres-old-798cc488fc-5g9x2   1/1     Running                 0             2m40s
      registry-clair-postgres-upgrade-ssztt          0/1     CrashLoopBackOff        4 (48s ago)   2m41s
      Additional Info

      clair postgres upgrade pod logs:

      The files belonging to this database system will be owned by user "postgres".
      This user must also own the server process.
      
      The database cluster will be initialized with locale "en_US.utf8".
      The default database encoding has accordingly been set to "UTF8".
      The default text search configuration will be set to "english".
      
      Data page checksums are disabled.
      
      fixing permissions on existing directory /var/lib/pgsql/data/userdata ... ok
      creating subdirectories ... ok
      selecting dynamic shared memory implementation ... posix
      selecting default max_connections ... 100
      selecting default shared_buffers ... 128MB
      selecting default time zone ... Etc/UTC
      creating configuration files ... ok
      running bootstrap script ... ok
      performing post-bootstrap initialization ... ok
      syncing data to disk ... ok
      
      
      Success. You can now start the database server using:
      
          pg_ctl -D /var/lib/pgsql/data/userdata -l logfile start
      
      initdb: warning: enabling "trust" authentication for local connections
      initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
      waiting for server to start....2024-10-29 10:22:38.580 GMT [36] LOG:  redirecting log output to logging collector process
      2024-10-29 10:22:38.580 GMT [36] HINT:  Future log output will appear in directory "log".
       done
      server started
      /var/run/postgresql:5432 - accepting connections
      pg_dumpall: error: connection to server at "registry312-clair-postgres-old" (172.30.250.145), port 5432 failed: could not encrypt password: disabled for FIPS
      fe_sendauth: error sending password authentication
      postgres migration command failed, cleaning up...

       

       

              rh-ee-shudeshp Shubhra Jayant Deshpande
              rhn-support-dyan Dongbo Yan